Richard Bejtlich's blog on digital security, strategic thought, and military history.

Thursday, October 30, 2003

Orbitz Hacked; Watch Your Credit Cards

CNet reports that Orbitz was compromised, stating "Orbitz has notified law enforcement authorities about a recent security breach that has resulted in its customers' e-mail addresses falling into the hands of spammers." Apparently Orbitz is trying to dodge the California notification law by claiming "no indication that credit card information had been compromised."

Orbitz uses are reporting receiving spam to email addresses used only at Orbitz. I am an Orbitz user, but the email address I use isn't exclusively for Orbitz. However, I hardly get spam to the account I use for Orbitz. For the first 17 days of October, I received 5 spam emails. Over the last 12 days, I've received 20. That's not scientific, but something clearly changed recently.

It's likely that if intruders compromised Orbitz's account list they stole credit cards as well. This is NOT based on any "insider knowledge" of Orbitz or this case. I make this assessment based on experience working similar cases elsewhere. Keep an eye on your statements (online or offline) and report suspicious activity to the card issuer immediately. Changing your Orbitz password is a good idea too.

1 comment:

Anonymous
said...

Yes, I also experienced spam following the orbitz hacking. I was an orbitz customer, with no spam problem. Then two days after reading about the orbitz hacking, I began to get spam. I now get 40 per day. When I wrote to Orbitz about this problem in 2003, they were very unconcerned and took no responsibility.william